Secured Suppression of Address Discovery Messages

2. The method of claim 1 further comprising discarding the address discovery record when the address discovery record violate a rule in the identified set of rules.

3. The method of claim 1, wherein the address discovery record is an address resolution protocol (ARP) record.

4. The method of claim 1, wherein the address discovery record is a neighbor discovery (ND) record.

5. The method of claim 1, wherein the address discovery record binds the newly identified first network address and the previously known second network address through an address discovery snooping method on a device connected to the network.

6. The method of claim 5, wherein the device is a host computer on which machines connected to the network execute.

7. The method of claim 6, wherein receiving the address discovery record comprises receiving the address discovery record from the host computer.

8. The method of claim 5, wherein the newly identified first network address comprises a MAC (media access control) address and the previously known second network address comprises an IP (Internet Protocol) address.

9. The method of claim 1, wherein the set of rules comprises at least one user-defined rule specified by an administrator for the network.

10. The method of claim 1, wherein the set of rules comprises a rule that specifies a valid method for identifying the newly identified first network address, and receiving the address discovery record comprises receiving the address discovery record with an identifier that identifies the method by which the newly identified first network address was learned by a device that produced the address discovery record.

11. The method of claim 1, wherein the received address discovery record is for a port of a forwarding element of the network and the set of rules comprises a rule that specifies a maximum number of reported address discovery records for the port.

12. The method of claim 11, wherein the network is a logical network and the forwarding element is a logical forwarding element that spans a plurality of host computers associated with the logical network.

13. The method of claim 1, wherein the received address discovery record is for a port of a forwarding element of the network, and the set of rules comprises a trust-on-first-use rule that specifies a number of acceptable reported address discovery records for the port.

14. The method of claim 1, wherein the received address discovery record is for a port of a forwarding element of the network, and the set of rules comprises a rule that discards duplicate address discovery records that are reported for the port.

15. The method of claim 1, wherein the received address discovery record is for a port of a forwarding element of the network, and the set of rules comprises a rule that, after a first address discovery record is received for the port, discards a second address discovery record that is reported for the port.

16. The method of claim 1, wherein the devices to which the received address discovery record is distributed are host computers executing machines connected to the network.

17. The method of claim 1, wherein distributing the received address discovery record comprises distributing the address discovery record to the one or more devices.

18. The method of claim 1, wherein the set of servers comprises a set of one or more network controllers for configuring forwarding elements in the network.

20. The non-transitory machine readable medium of claim 19, wherein the program is a network controller program.